CVE-2020-25166
B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
Severity Score
7.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices.
Una verificación incorrecta de la firma criptográfica de las actualizaciones de firmware del B. Braun Melsungen AG SpaceCom Versiones L81/U61 y anteriores, y del módulo de Datos compactplus Versiones A10 y A11, permite a atacantes generar actualizaciones de firmware válidas con contenido arbitrario que puede usarse para manipular los dispositivos
*Credits:
Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices).
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-09-04 CVE Reserved
- 2022-04-14 CVE Published
- 2024-08-04 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-347: Improper Verification of Cryptographic Signature
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html | Broken Link | |
| https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Bbraun Search vendor "Bbraun" | Datamodule Compactplus Search vendor "Bbraun" for product "Datamodule Compactplus" | a10 Search vendor "Bbraun" for product "Datamodule Compactplus" and version "a10" | - |
Affected
| in | Bbraun Search vendor "Bbraun" | Datamodule Compactplus Search vendor "Bbraun" for product "Datamodule Compactplus" | - | - |
Safe
|
| Bbraun Search vendor "Bbraun" | Datamodule Compactplus Search vendor "Bbraun" for product "Datamodule Compactplus" | a11 Search vendor "Bbraun" for product "Datamodule Compactplus" and version "a11" | - |
Affected
| in | Bbraun Search vendor "Bbraun" | Datamodule Compactplus Search vendor "Bbraun" for product "Datamodule Compactplus" | - | - |
Safe
|
| Bbraun Search vendor "Bbraun" | Spacecom Search vendor "Bbraun" for product "Spacecom" | <= l81 Search vendor "Bbraun" for product "Spacecom" and version " <= l81" | - |
Affected
| in | Bbraun Search vendor "Bbraun" | Spacecom Search vendor "Bbraun" for product "Spacecom" | - | - |
Safe
|